Author: joeyh
Date: 2012-12-21 21:14:38 +0000 (Fri, 21 Dec 2012)
New Revision: 20690

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-12-21 13:02:44 UTC (rev 20689)
+++ data/CVE/list       2012-12-21 21:14:38 UTC (rev 20690)
@@ -2429,8 +2429,8 @@
        NOT-FOR-US: ManageEngine AssetExplorer 5.6
 CVE-2012-5955 (Unspecified vulnerability in the IBM HTTP Server component 5.3 
in IBM ...)
        NOT-FOR-US: WebSphere
-CVE-2012-5954
-       RESERVED
+CVE-2012-5954 (Unspecified vulnerability in IBM Tivoli Storage Manager for 
Space ...)
+       TODO: check
 CVE-2012-5953
        RESERVED
 CVE-2012-5952
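Review bot: the "TODO: check" left on CVE-2012-5954 will need manual triage. The description names IBM Tivoli Storage Manager for Space ..., and the surrounding IBM entries in this region (CVE-2012-5955, WebSphere) are already marked "NOT-FOR-US"; if that product is likewise not shipped in Debian, the entry should get a "NOT-FOR-US: IBM Tivoli Storage Manager" line so the TODO does not linger in the tracker.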
@@ -3551,8 +3551,7 @@
 CVE-2012-5518
        RESERVED
        NOT-FOR-US: ovirt / vsdm
-CVE-2012-5517
-       RESERVED
+CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux 
kernel ...)
        - linux <unfixed>
        - linux-2.6 <removed>
 CVE-2012-5516
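Review bot: CVE-2012-5517 keeps "- linux <unfixed>" after the description is filled in, while the other kernel entries in this same update (CVE-2012-4565, CVE-2012-4508) record "linux 3.2.35-1". Worth confirming whether the mm/memory_hotplug.c fix is already in a packaged kernel and updating the version accordingly, rather than leaving the entry open by default.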
@@ -5118,8 +5117,8 @@
        RESERVED
 CVE-2012-4860
        RESERVED
-CVE-2012-4859
-       RESERVED
+CVE-2012-4859 (Unspecified vulnerability in IBM Tivoli Storage Manager for 
Space ...)
+       TODO: check
 CVE-2012-4858
        RESERVED
 CVE-2012-4857 (Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 
11.70 ...)
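Review bot: CVE-2012-4859 carries the same IBM Tivoli Storage Manager for Space ... description and the same "TODO: check" as CVE-2012-5954 earlier in this patch; the two should be resolved together and consistently (most likely both "NOT-FOR-US"), since the same triage decision applies to both.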
@@ -6149,8 +6148,7 @@
 CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly 
verify ...)
        {DSA-2573-1}
        - radsecproxy 1.6.2-1
-CVE-2012-4565
-       RESERVED
+CVE-2012-4565 (The tcp_illinois_info function in net/ipv4/tcp_illinois.c in 
the Linux ...)
        - linux 3.2.35-1
        - linux-2.6 <removed>
 CVE-2012-4564 (ppm2tiff does not check the return value of the 
TIFFScanlineSize ...)
@@ -6320,8 +6318,7 @@
        - cups-pk-helper 0.2.3-1
 CVE-2012-4509
        RESERVED
-CVE-2012-4508 [kernel: ext4: AIO vs fallocate stale data exposure]
-       RESERVED
+CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 
3.4.16 ...)
        - linux 3.2.35-1
        - linux-2.6 <removed>
 CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka 
claws-mail) 3.8.1 ...)
@@ -6479,8 +6476,7 @@
        {DSA-2557-1}
        - hostapd <removed>
        - wpa 1.0-3 (bug #689990)
-CVE-2012-4444
-       RESERVED
+CVE-2012-4444 (The ip6_frag_queue function in net/ipv6/reassembly.c in the 
Linux ...)
        - linux 2.6.36-1~experimental.1
        - linux-2.6 <removed>
 CVE-2012-4443 (Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID 
of ...)
@@ -8918,8 +8914,7 @@
        NOT-FOR-US: Tunnelblick
 CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 
3.3beta20 and ...)
        NOT-FOR-US: Tunnelblick
-CVE-2012-3482 [fetchmail segfault in NTLM protocol exchange]
-       RESERVED
+CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication 
in ...)
        - fetchmail 6.3.22-1 (low)
        [wheezy] - fetchmail <no-dsa> (Minor issue)
        [squeeze] - fetchmail <no-dsa> (Minor issue)
@@ -9830,8 +9825,8 @@
        NOT-FOR-US: Oracle Fusion
 CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle 
...)
        NOT-FOR-US: Oracle Database Server
-CVE-2012-3133
-       RESERVED
+CVE-2012-3133 (Buffer overflow in the DataDirect ODBC driver, as used in 
Oracle ...)
+       TODO: check
 CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, 
...)
        NOT-FOR-US: Oracle Database
 CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 
allows ...)
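Review bot: CVE-2012-3133 ("Buffer overflow in the DataDirect ODBC driver, as used in Oracle ...") sits between entries already marked "NOT-FOR-US: Oracle Database Server" / "NOT-FOR-US: Oracle Database". The "TODO: check" should confirm the affected driver is only distributed with Oracle products and then be replaced with the matching "NOT-FOR-US" line.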
@@ -10096,8 +10091,8 @@
        NOT-FOR-US: RealFlex RealWin
 CVE-2012-3003 (Open redirect vulnerability in an unspecified web application 
in ...)
        NOT-FOR-US: WinCC
-CVE-2012-3002
-       RESERVED
+CVE-2012-3002 (The web interface on (1) Foscam and (2) Wansview IP cameras 
allows ...)
+       TODO: check
 CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to 
execute ...)
        NOT-FOR-US: Mutiny Standard
 CVE-2012-3000
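Review bot: CVE-2012-3002 concerns the web interface on Foscam and Wansview IP cameras, i.e. vendor firmware rather than anything packaged in Debian, so the "TODO: check" here can almost certainly become "NOT-FOR-US: Foscam / Wansview IP cameras", in the same style as the neighbouring WinCC and Mutiny Standard entries.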
@@ -13357,14 +13352,14 @@
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1715 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
        NOT-FOR-US: Oracle E-Business Suite
-CVE-2012-1714
-       RESERVED
+CVE-2012-1714 (Unspecified vulnerability in a TList 6 ActiveX control in 
Oracle ...)
+       TODO: check
 CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
        {DSA-2507-1}
        - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
-CVE-2012-1712
-       RESERVED
+CVE-2012-1712 (Directory traversal vulnerability in the Liferay component in 
Oracle ...)
+       TODO: check
 CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
        {DSA-2507-1}
        - openjdk-6 6b24-1.11.3-1 (bug #677487)
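Review bot: both new "TODO: check" entries in this hunk look like non-Debian software: CVE-2012-1714 is a TList 6 ActiveX control in Oracle ... (ActiveX is Windows-only) and CVE-2012-1712 is the Liferay component in Oracle .... They sit next to CVE-2012-1715, already marked "NOT-FOR-US: Oracle E-Business Suite", and should most likely receive the same treatment; the openjdk entries around them are unaffected by this change.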
@@ -13393,8 +13388,7 @@
        RESERVED
 CVE-2012-1700
        RESERVED
-CVE-2012-1699 [xfs DoS and information leak]
-       RESERVED
+CVE-2012-1699 (The ProcSetEventMask function in difs/events.c in the xfs font 
server ...)
        - xfs 1:1.0.1-1
 CVE-2012-1698 (Unspecified vulnerability in Oracle Sun Solaris 11 allows 
remote ...)
        NOT-FOR-US: Solaris
@@ -15111,8 +15105,7 @@
        NOT-FOR-US: Ubuntu remote login service
 CVE-2012-0958
        RESERVED
-CVE-2012-0957 [kernel: uts: stack memory leak in UNAME26]
-       RESERVED
+CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux 
kernel ...)
        - linux 3.2.32-1
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
@@ -15297,8 +15290,7 @@
        NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then 
they will want to pick up change 22161 at the same time" -- 
http://www.openwall.com/lists/oss-security/2012/03/23/12
 CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 
2.4.2 ...)
        - apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
-CVE-2012-0882
-       RESERVED
+CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly 
other ...)
        - mysql-5.1 <undetermined> (bug #675872)
        NOTE: limited information about issue, only a video of exploit taking 
place
        NOTE: This is likely fixed in current releases (5.1.62 updated yassl), 
marking as <undetermined> for now
@@ -15433,8 +15425,7 @@
 CVE-2012-0842 [surf info leak]
        RESERVED
        - surf 0.4.1-6 (bug #659296)
-CVE-2012-0841
-       RESERVED
+CVE-2012-0841 (libxml2 before 2.8.0 computes hash values without restricting 
the ...)
        {DSA-2417-1}
        - libxml2 2.7.8.dfsg-8 (bug #660846)
 CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library 
through ...)
@@ -24488,8 +24479,7 @@
        - commons-daemon 1.0.7-1
        [squeeze] - commons-daemon <not-affected> (Support for libcap was only 
added in 1.0.6)
        NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs 
to be build againt libcap to be exploitable
-CVE-2011-2728
-       RESERVED
+CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 
5.14.2 ...)
        - perl <unfixed> (unimportant)
        NOTE: requires the attacker to manipulate glob flags
 CVE-2011-2727
@@ -38606,8 +38596,8 @@
        NOT-FOR-US: Oracle Database Server
 CVE-2010-2388 (Unspecified vulnerability in the Oracle Applications Manager 
component ...)
        NOT-FOR-US: Oracle E-Business Suite
-CVE-2010-2387
-       RESERVED
+CVE-2010-2387 (vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 
2.20.x ...)
+       TODO: check
 CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and 
...)
        NOT-FOR-US: Solaris
 CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy 
Server ...)
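Review bot: unlike the other "TODO: check" entries added by this update, CVE-2010-2387 is about GNOME Display Manager (gdm) 2.20.x, which is packaged in Debian, so this one cannot be closed as "NOT-FOR-US". It needs real triage: determine which gdm source packages ship vicious-extensions/ve-misc.c and record either a fixed version or "<not-affected>" with a reason, in the same format as the other package lines in this file.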


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits